News

We’re blind to malicious AI until it hits. We can still open our eyes to stopping it

Opinion  Last year, The Register reported on AI sleeper agents. A major academic study explored how to train an LLM to hide destructive behavior from its users, and how to find it before it triggered. The answers were unambiguously asymmetric — the first is easy, the second very difficult. Not what anyone wanted to hear.…

Alleges bias and security problems

US President Donald Trump has demanded Microsoft fire its recently appointed head of global affairs Lisa Monaco.…

PLUS: Interpol recoups $439M from crims; CISA criticizes Feds security; FIFA World Cup nets dodgy domain deluge

Infosec In Brief  Police in the Netherlands arrested two 17-year-olds last week over claims that Russian intelligence recruited them to spy on the headquarters of European law enforcement agencies.…

PLUS: US court grounds China’s DJI; India requires 2FA for most payments; Great Firewall busters launch VPN; and more!

Asia In Brief  Over 600 e-government services operated by South Korea’s government are offline after a datacenter fire disrupted operations.…

Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week

RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June 2024 and July 2025, exploiting buggy internet-facing appliances to deploy a Go-based backdoor called Pantegana and other offensive security tools, including Cobalt Strike and SparkRAT.…

Chinese giant maps out datacenters across Europe and beyond, yet US chip curbs cast a long shadow

Analysis  Alibaba this week opened an AI war chest containing tens of billions of dollars, a revamped LLM lineup, and plans for AI datacenters in Europe. But it also prompted a flurry of questions over how it will achieve all this in an increasingly fragmented IT landscape, when critical resources are in short supply.…

Act passed in 2015 is due to lapse unless a continuing resolution passes - and that's unlikely

Barring a last-minute deal, the US federal government would shut down on Wednesday, October 1, and the 2015 Cybersecurity Information Sharing Act would lapse at the same time, threatening what many consider a critical plank of US cybersecurity policy.…

Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses

The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while continuing to target developers.…

CRM giant denies security shortcomings as claims allege stolen data used for ID theft

Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.…

Researchers say tens of thousands of instances remain publicly reachable

Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.…

Operation Cronos didn’t kill LockBit – it just came back meaner

Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. …

More fun with AI agents and their security holes

A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.…

The downstream consequences of Miljödata’s ransomware attack continue to affect major organizations

Volvo North America is the latest large organization to announce attackers accessed employee data after a ransomware attack struck its HR system provider.…

CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies

Cybersecurity agencies on both sides of the Atlantic are sounding the alarm over Cisco firewall vulnerabilities that are being exploited by an "advanced threat actor."…

Prime Minister Starmer revives controversial scheme despite past denials, sparking civil liberties backlash

The UK government plans to issue all legal residents a digital identity by the end of the current Parliament, which could run until August 2029, with its use required to get a job.…

It’s amazing the number of calls Jo, Helen, and Ian get through

The UK's data protection watchdog fined two Brit businesses with offshore call centers £550,000 (c $735,000) over illegal automated marketing calls.…

Keeping Pyongyang's coffers full

North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools, including a backdoor that has much of the same code as Pyongyang's infamous Lazarus Group deploys.…

Images of toddlers and home addresses leaked in reprehensible landmark attack

A cyber criminal crew has targeted Kido International, a preschool and daycare organization, leaking sensitive details about its pupils and their parents.…

The latest in a run of serious networking bugs gives attackers root if they have SNMP access

Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.…

Biometric Entry/Exit System phased in from October to 29 Schengen countries

Travelers including Britons and Americans visiting most European countries will have to register their fingerprints and faces under a system that goes live next month.…